Malware Analysis Report

2024-10-19 10:31

Sample ID 220713-sff9wsfhdj
Target 03f6ab1b482eac4acfb793c3e8d0656d7c33cddb5fc38416019d526f43577761
SHA256 03f6ab1b482eac4acfb793c3e8d0656d7c33cddb5fc38416019d526f43577761
Tags: locky ransomware suricata
Score: 10/10

Analysis Overview

Score: 10/10

SHA256

03f6ab1b482eac4acfb793c3e8d0656d7c33cddb5fc38416019d526f43577761

Threat Level: Known bad

The file 03f6ab1b482eac4acfb793c3e8d0656d7c33cddb5fc38416019d526f43577761 was found to be: Known bad.

Malicious Activity Summary

locky ransomware suricata

Locky

suricata: ET MALWARE Ransomware Locky CnC Beacon

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-07-13 15:03

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2022-07-13 15:03

Reported

2022-07-13 15:06

Platform

win10v2004-20220414-en

Max time kernel

155s

Max time network

158s

Command Line

"C:\Users\Admin\AppData\Local\Temp\03f6ab1b482eac4acfb793c3e8d0656d7c33cddb5fc38416019d526f43577761.exe"

Signatures

Locky

ransomware locky

suricata: ET MALWARE Ransomware Locky CnC Beacon

suricata

Processes

C:\Users\Admin\AppData\Local\Temp\03f6ab1b482eac4acfb793c3e8d0656d7c33cddb5fc38416019d526f43577761.exe

"C:\Users\Admin\AppData\Local\Temp\03f6ab1b482eac4acfb793c3e8d0656d7c33cddb5fc38416019d526f43577761.exe"

Network

Country  Destination         Domain             Proto
RU       31.41.47.37:80      31.41.47.37        tcp
FR       188.138.88.184:80   -                  tcp
FR       85.25.138.187:80    -                  tcp
NL       104.97.14.81:80     -                  tcp
IE       20.54.110.249:443   -                  tcp
US       8.8.8.8:53          nydbob.nl          udp
US       8.8.8.8:53          flfxp.ru           udp
US       8.8.8.8:53          sbckmllt.be        udp
US       8.8.8.8:53          kquosio.in         udp
US       8.8.8.8:53          xgrxbbwgdo.uk      udp
US       8.8.8.8:53          lvrrlykypsssv.eu   udp
NL       104.97.14.80:80     -                  tcp
NL       104.97.14.80:80     -                  tcp
FR       188.138.88.184:80   -                  tcp
US       20.42.65.89:443     -                  tcp
FR       85.25.138.187:80    -                  tcp
US       8.8.8.8:53          nydbob.nl          udp
US       8.8.8.8:53          flfxp.ru           udp
US       8.8.8.8:53          sbckmllt.be        udp
US       8.8.8.8:53          kquosio.in         udp
US       8.8.8.8:53          xgrxbbwgdo.uk      udp
US       8.8.8.8:53          lvrrlykypsssv.eu   udp
FR       188.138.88.184:80   -                  tcp
FR       85.25.138.187:80    -                  tcp

Files

memory/3416-130-0x0000000000860000-0x000000000088E000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2022-07-13 15:03

Reported

2022-07-13 15:06

Platform

win7-20220414-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\03f6ab1b482eac4acfb793c3e8d0656d7c33cddb5fc38416019d526f43577761.exe"

Signatures

Locky

ransomware locky

suricata: ET MALWARE Ransomware Locky CnC Beacon

suricata

Processes

C:\Users\Admin\AppData\Local\Temp\03f6ab1b482eac4acfb793c3e8d0656d7c33cddb5fc38416019d526f43577761.exe

"C:\Users\Admin\AppData\Local\Temp\03f6ab1b482eac4acfb793c3e8d0656d7c33cddb5fc38416019d526f43577761.exe"

Network

Country  Destination         Domain             Proto
RU       31.41.47.37:80      31.41.47.37        tcp
FR       188.138.88.184:80   -                  tcp
FR       85.25.138.187:80    -                  tcp
US       8.8.8.8:53          nydbob.nl          udp
US       8.8.8.8:53          flfxp.ru           udp
US       8.8.8.8:53          sbckmllt.be        udp
US       8.8.8.8:53          kquosio.in         udp
US       8.8.8.8:53          xgrxbbwgdo.uk      udp
US       8.8.8.8:53          lvrrlykypsssv.eu   udp
RU       31.41.47.37:80      31.41.47.37        tcp
FR       188.138.88.184:80   -                  tcp
FR       85.25.138.187:80    -                  tcp

Files

memory/1376-54-0x0000000075361000-0x0000000075363000-memory.dmp

memory/1376-55-0x0000000001390000-0x00000000013BE000-memory.dmp